Hackers are increasingly wicked about hiding themselves

Cyber ​​criminals constantly raise "process" in hiding and disguising their malicious attack code, security firm Arbor Networks warns.

More and more malicious code (often written in JavaScript language) is used to attack PC hidden within Flash graphics, making it difficult to detect the source of the website.

" These messy tools are simple but very effective ," said expert Jose Nazario. " Security methods that are based on specific signals to identify malicious code are also blinded ."

According to StopBadware.org website, online attack has become so popular. Tens of thousands of websites are stalking to install malicious code on non-computer computers through security holes of the Web browser.

Many attacks have used JavaScript. Initially, they only used "plain" JavaScript, but so far the situation has changed.

The game "cat chasing mice"

Picture 1 of Hackers are increasingly wicked about hiding themselves Source: Infotech Nazario expert has discovered a Flash section with the "Makemelaugh" name that after a user activates will quietly download the Trojan to the computer. The task of this Trojan is to find ways to steal victims' bank and financial information. In addition, there is a scandal girl Flash animator Paris Hilton - with the mission to turn PC into zombies and join the botnet.

A new toolkit being handed over in hackers under the name NeoSploit will identify the Web browser and point to the vulnerabilities within the browser to deploy the attack.

Of course, security experts still have a way to fight back. " They are limited by the regulation that JavaScript must be decoded, the browser will understand. If you can analyze it outside of the browser, you will guess the final purpose of the code ."

Effective tools to investigate script code, according to Nozario's recommendations, are NJS, SpiderMonkey and Rhino. Flash files can be analyzed through a program called Flasm.

However, hackers can still embed JavaSipt code directly inside a Web page and launch them without notice, regardless of which browser you are surfing with.

To protect themselves, users should disable the JavaScript feature in the browser, but this affects the normal functionality of many Web sites. Another solution is to use security software such as McAfee's SiteAdvisor or Google Toolbar, which is equipped with a "blacklist" of dangerous websites.

Trong Cam